Automate Certificate Installation with Active Directory When Using SSL Login

A Smoothwall configured to act as a proxy to enable content filtering using a web based SSL login page.

Installing the certificate on the Computer

Open Internet Explorer, and log in to the Smoothwall Secure Login page as you normally would to gain internet access

You will be faced with a security alert dialog box. At the bottom, underneath the question Do you want to proceed? are three buttons, Yes, No, and View Certificate. Click View Certificate

You can now see the details of the certificate. At the top are three tabs labeled Certificate (the current tab), Details, and Certification Path. At the moment, we need to install the certificate using the button at the bottom middle of the dialog box. Clicking on this button will install the certificate on to your system.

As we want to install the certificate on the computer, click Install Certificate

Now follows a series of dialog boxes asking for your input to install the certificate. Click Next, Next, and Finish

You will finally see a dialog box informing you that the certificate import wizard has been successful Click the OK button, then OK on the Certificate dialog and Yes on the Security Alert dialog box

Now we need to export the certificate so we can add the file directly into a Group Policy configured on Active Directory.

Exporting the Certificate from the Certificate Store

Inside Internet Explorer, go to Tools, then select Internet Options

At the top of the Internet Options dialog box are several tabs. Select the Content tab

In the middle of the dialog box is a button labeled Certificates. Click on it

Click on the tab labeled Trusted Root Certificates and look for the hostname of your Smoothwall in the Issued To and Issued By columns. Click on this certificate to select it

The certificate we want may be distinguished by having no Friendly Name, instead this will be labeled with . Click the button labeled Export on the dialog

Click Next

At the following screen, ensure that Base-64 encoded x.509 (.CER) certificate is selected, and click Next

In the Filename box, type in SWSSLCERT. No file extension is needed, as this is automatically added by the export wizard. Click Next

On the dialog box labeled Completing the Certificate Export Wizard, quickly look at the File Name line to ensure you know where the certificate will be saved. Click Finish

Click OK on each open dialog box to close all the open dialog boxes

Creating Group Policy to Automatically Install the Smoothwall Certificate